From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from EUR02-HE1-obe.outbound.protection.outlook.com (mail-eopbgr10041.outbound.protection.outlook.com [40.107.1.41]) by dpdk.org (Postfix) with ESMTP id AF0591B31A for ; Sun, 15 Oct 2017 15:13:18 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Mellanox.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=pgwpaJxkQm81NGPY+ArZNGH6QodxJg/lJTZASma2+wg=; b=bAIpyTnsObK+/ECXDp++UC5VGb04pLQl2ld34ku3BwgjBRAMr++uwi4mAC3g/5oPTNRQfLsavi2Jea0NmgmtKKVC3NATj+6nAC9E60OR8KkStUIytfrD6mTsq193+bBNk4rGp+jYs6FsEa+DLmBaIzDQiSh8Pt27757SoK/sRXw= Received: from VI1PR05MB3149.eurprd05.prod.outlook.com (10.170.237.142) by VI1PR05MB3182.eurprd05.prod.outlook.com (10.170.237.151) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.77.7; Sun, 15 Oct 2017 13:13:16 +0000 Received: from VI1PR05MB3149.eurprd05.prod.outlook.com ([fe80::3c3c:8f27:30a1:cd59]) by VI1PR05MB3149.eurprd05.prod.outlook.com ([fe80::3c3c:8f27:30a1:cd59%13]) with mapi id 15.20.0077.022; Sun, 15 Oct 2017 13:13:16 +0000 From: Shahaf Shuler To: Akhil Goyal , "dev@dpdk.org" CC: "declan.doherty@intel.com" , "pablo.de.lara.guarch@intel.com" , "hemant.agrawal@nxp.com" , "radu.nicolau@intel.com" , Boris Pismenny , "Aviad Yehezkel" , Thomas Monjalon , "sandeep.malik@nxp.com" , "jerin.jacob@caviumnetworks.com" , "john.mcnamara@intel.com" , "konstantin.ananyev@intel.com" , "olivier.matz@6wind.com" Thread-Topic: [PATCH v4 06/12] ethdev: support security APIs Thread-Index: AQHTRXvZeSHRNQQAGkOn4pT0P/b2bqLk4Hug Date: Sun, 15 Oct 2017 13:13:15 +0000 Message-ID: References: <20171006181151.4758-1-akhil.goyal@nxp.com> <20171014221734.15511-1-akhil.goyal@nxp.com> <20171014221734.15511-7-akhil.goyal@nxp.com> In-Reply-To: <20171014221734.15511-7-akhil.goyal@nxp.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=shahafs@mellanox.com; x-originating-ip: [193.47.165.251] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1; VI1PR05MB3182; 6:s7i5wsj3CHRbWRxXTDER0F3FCQoyr1Uj4xQUMH62H7TE0KU43HBzpDbGCLqCH+8Tv+qxN3dd2Afa/jAJedHdhOw+dK0CZEXIXhUKC3Lcf6cC/Bp0lJ/Denn9Wxi88JMChup+5BfJt4Bt1Y8W/UdnC/NQ/4JJybgfnyM8vqzY/V+SopOJvZd3ZkoP6bDAKt3gJZDFvWtzQJPVF06C48ohNZZAuBB9HcTHSDAqccTNmedULKahZr+yMRqMtSnfp3sG8itgeCMh8hSXxsNB9q4UTZbAK7vUMxUvng9zdORz5+rP98qjGQurvWq4QwNLrjT2Qu3+mP+zLDj/xksowMXy0w==; 5:8AxG50LXGgi7AaKA0ghwwiXBuNksFe3VWQqiV9TTzBItcfyCjOEQp9T3dpQK+JhRgrPc0TwuaH6rxGa4BYXfY93JdHtYC+9P4LteZM7o/6TPkvduJ4iNT1HnWGAnZA9e5hzcymBiXlEdbNXwaSJlew==; 24:EuRYPFw5Jt4VR9asNQ5meKHXcXWIzTBn2VKkG87oni/Ztc4saY3uDGnZayExBTGjnfvKMr4GsZ2e73unr676/xc4NtVLvU5Ab3Ejyc0BvQk=; 7:/C4T/G36aWP/vbTtt+LnRgGDe6KGvy35VVH8igUOaTRfDIZ4o8Z0sJNNA6jaxEaXSMLdwFYgTXKUhoqbVYXUZJiJPNSzmOZ077DTxRiq9JWxTxbPfvDAyuyfZjTmT4CNUElk1h20SeGgupDcOb0gnc7a7mHVpHGVp5tkvLab4d+f5ni5HNToSD+xaXSxBURgAsrKCo/yFJ+zGhkG3ZDwz5iYP2+ExQqs3sIWAEE113g= x-ms-exchange-antispam-srfa-diagnostics: SSOS; x-ms-office365-filtering-correlation-id: ff408221-e2e2-428f-6665-08d513ce7f2f x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(2017030254152)(48565401081)(2017052603199)(201703131423075)(201703031133081)(201702281549075); SRVR:VI1PR05MB3182; x-ms-traffictypediagnostic: VI1PR05MB3182: x-ld-processed: a652971c-7d2e-4d9b-a6a4-d149256f461b,ExtAddr x-exchange-antispam-report-test: UriScan:(192374486261705)(228905959029699); x-microsoft-antispam-prvs: x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(10201501046)(3002001)(100000703101)(100105400095)(93006095)(93001095)(6055026)(6041248)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123558100)(20161123560025)(20161123555025)(20161123564025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:VI1PR05MB3182; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:VI1PR05MB3182; x-forefront-prvs: 046164D5C4 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(6009001)(346002)(376002)(39860400002)(377454003)(199003)(189002)(66066001)(81166006)(5250100002)(81156014)(106356001)(8936002)(99286003)(6506006)(6436002)(55016002)(7696004)(53936002)(9686003)(68736007)(2950100002)(4326008)(97736004)(229853002)(110136005)(54906003)(101416001)(50986999)(76176999)(6246003)(316002)(54356999)(33656002)(74316002)(189998001)(8676002)(2501003)(105586002)(305945005)(7736002)(86362001)(14454004)(2906002)(6116002)(5660300001)(3280700002)(3660700001)(2900100001)(15650500001)(102836003)(3846002)(478600001)(7416002)(25786009)(8656003); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR05MB3182; H:VI1PR05MB3149.eurprd05.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en; received-spf: None (protection.outlook.com: mellanox.com does not designate permitted sender hosts) spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: Mellanox.com X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Oct 2017 13:13:15.9546 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: a652971c-7d2e-4d9b-a6a4-d149256f461b X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR05MB3182 Subject: Re: [dpdk-dev] [PATCH v4 06/12] ethdev: support security APIs X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Oct 2017 13:13:19 -0000 Hi Akhil, Sunday, October 15, 2017 1:17 AM, Akhil Goyal: > From: Declan Doherty >=20 > rte_flow_action type and ethdev updated to support rte_security sessions > for crypto offload to ethernet device. >=20 > Signed-off-by: Boris Pismenny > Signed-off-by: Aviad Yehezkel > Signed-off-by: Radu Nicolau > Signed-off-by: Declan Doherty > --- > lib/librte_ether/rte_ethdev.c | 11 +++++++++++ > lib/librte_ether/rte_ethdev.h | 18 ++++++++++++++++-- > lib/librte_ether/rte_ethdev_version.map | 1 + > 3 files changed, 28 insertions(+), 2 deletions(-) >=20 > diff --git a/lib/librte_ether/rte_ethdev.c b/lib/librte_ether/rte_ethdev.= c > index 0b1e928..9520f1e 100644 > --- a/lib/librte_ether/rte_ethdev.c > +++ b/lib/librte_ether/rte_ethdev.c > @@ -301,6 +301,17 @@ rte_eth_dev_socket_id(uint16_t port_id) > return rte_eth_devices[port_id].data->numa_node; > } >=20 > +void * > +rte_eth_dev_get_sec_ctx(uint8_t port_id) { > + RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, NULL); > + > + if (rte_eth_devices[port_id].data->dev_flags & > RTE_ETH_DEV_SECURITY) > + return rte_eth_devices[port_id].data->security_ctx; > + > + return NULL; > +} > + > uint16_t > rte_eth_dev_count(void) > { > diff --git a/lib/librte_ether/rte_ethdev.h b/lib/librte_ether/rte_ethdev.= h > index aaf02b3..159bb73 100644 > --- a/lib/librte_ether/rte_ethdev.h > +++ b/lib/librte_ether/rte_ethdev.h > @@ -180,6 +180,8 @@ extern "C" { > #include > #include > #include > +#include > + > #include "rte_ether.h" > #include "rte_eth_ctrl.h" > #include "rte_dev_info.h" > @@ -379,7 +381,8 @@ struct rte_eth_rxmode { > * This bit is temporary till rxmode bitfield offloads API will > * be deprecated. > */ > - ignore_offload_bitfield : 1; > + ignore_offload_bitfield : 1, > + enable_sec : 1; /**< Enable security offload */ I suggest to keep the ignore_offload_bitfield last. Also you should update the convert function. See: rte_eth_convert_rx_offload_bitfield rte_eth_convert_rx_offloads > }; >=20 > /** > @@ -707,8 +710,10 @@ struct rte_eth_txmode { > /**< If set, reject sending out tagged pkts */ > hw_vlan_reject_untagged : 1, > /**< If set, reject sending out untagged pkts */ > - hw_vlan_insert_pvid : 1; > + hw_vlan_insert_pvid : 1, > /**< If set, enable port based VLAN insertion */ > + enable_sec : 1; > + /**< Enable security offload */ Am copying the comment and answer from v2 on the Tx offload. Seems like we = agreed, why it is not addressed?=20 From: Radu Nicolau radu.nicolau at intel.com > Already comment on it in the previous version [1]. > I don't think there is a justification to introduce new approach to set T= x offloads given there is already patch set which provides such new API [2]= . > I think this patch should be on top of it. I agree with you, that is if the new offload API will be merged we will=20 also change this one. But until then it makes testing and developing=20 more difficult. > }; >=20 > /** > @@ -969,6 +974,7 @@ struct rte_eth_conf { #define > DEV_RX_OFFLOAD_VLAN (DEV_RX_OFFLOAD_VLAN_STRIP | \ > DEV_RX_OFFLOAD_VLAN_FILTER | \ > DEV_RX_OFFLOAD_VLAN_EXTEND) > +#define DEV_RX_OFFLOAD_SECURITY 0x00000100 >=20 > /** > * TX offload capabilities of a device. > @@ -998,6 +1004,7 @@ struct rte_eth_conf { > * When set application must guarantee that per-queue all mbufs comes > from > * the same mempool and has refcnt =3D 1. > */ > +#define DEV_TX_OFFLOAD_SECURITY 0x00008000 >=20 > struct rte_pci_device; >=20 > @@ -1736,6 +1743,9 @@ struct rte_eth_dev { > enum rte_eth_dev_state state; /**< Flag indicating the port state */ > } __rte_cache_aligned; >=20 > +void * > +rte_eth_dev_get_sec_ctx(uint8_t port_id); > + > struct rte_eth_dev_sriov { > uint8_t active; /**< SRIOV is active with 16, 32 or 64 po= ols */ > uint8_t nb_q_per_pool; /**< rx queue number per pool */ > @@ -1796,6 +1806,8 @@ struct rte_eth_dev_data { > int numa_node; /**< NUMA node connection */ > struct rte_vlan_filter_conf vlan_filter_conf; > /**< VLAN filter configuration. */ > + void *security_ctx; > + /**< Context for security ops */ > }; >=20 > /** Device supports hotplug detach */ > @@ -1806,6 +1818,8 @@ struct rte_eth_dev_data { #define > RTE_ETH_DEV_BONDED_SLAVE 0x0004 > /** Device supports device removal interrupt */ > #define RTE_ETH_DEV_INTR_RMV 0x0008 > +/** Device supports inline security processing */ > +#define RTE_ETH_DEV_SECURITY 0x0010 I have to insist about this one. I don't understand which extra functionali= ty it provides in compare to the DEV_RX_OFFLOAD_SECURITY or DEV_TX_OFFLOAD_= SECURITY. Answer from previous version was to "allow to advertise that a device has = security features without the need to check exactly which ones are they". I think this is exactly what DEV_RX_OFFLOAD_SECURITY and DEV_TX_OFFLOAD_SEC= URITY means. Those flags does not provide the full capabilities of the diff= erent security offload supported by the device (those should be queried thr= ough rte_scurity APIs).=20 >=20 > /** > * @internal > diff --git a/lib/librte_ether/rte_ethdev_version.map > b/lib/librte_ether/rte_ethdev_version.map > index e27f596..3cc6a64 100644 > --- a/lib/librte_ether/rte_ethdev_version.map > +++ b/lib/librte_ether/rte_ethdev_version.map > @@ -194,5 +194,6 @@ DPDK_17.11 { > rte_eth_dev_pool_ops_supported; > rte_eth_dev_reset; > rte_flow_error_set; > + rte_eth_dev_get_sec_ctx; >=20 > } DPDK_17.08; > -- > 2.9.3